This article provides a summary how Staff users, Resellers\Customers can authenticate existing Azure account instead of MachPanel account .
This article applies to MachPanel v6.0.32
Staff users can authenticate using existing Azure account instead of MachPanel account. Also if customer/resellers have Azure account, they can also authenticate using their Azure account as well via MachPanel Login.
Provider/Reseller and End Customer can add alternate login (email address) if 3rd party authentication is enabled.
- Provider must have Microsoft Tenant.
- Provider has to add a web application in Azure and switch on the multitenanted option.
- Configure and enable O365 Auth provider in panel.
- The employees should be created using Azure login in Panel.
- If customer/reseller using Panel with Private Label Url and want to login using O365.
- Customer/Reseller should have their own tenant in Microsoft O365.
- Their own respective O365 Auth provider enabled and configured in MachPanel.
- In panel we need to add primary email besides user name/login field, for Customer, Customer contact and staff users, to link panel user with O365 user.
- On MachPanel Login page, there will be a link to "Login with Office 365 account", on click user will go to Microsoft login page, once logged in he is signed-in in panel.
- If user is already signed-in in Office365 portal and clicks on Login with Office 365 account, he is automatically signed-in in panel.
- If the user does not exists in panel as staff or customer or customer contact, error message will appear on login page: “User account not found, please contact Administrator.”
Navigate to the following Path: Home > System Configuration > Authentication
- Enable login using Microsoft account: Check this check box to enable authentication.
- Note: If enabled, staff users and customers can login using Microsoft Azure authentication. Please note that in order to match Azure account to a panel account, the Azure login must be used as portal login or Azure login must be set in additional login in user profile.
- Azure Web Application Id: Here provide the Azure Web AppID.
How to configure Azure Web Application? (hyper-link)
On click show below contents in div:
- Sign in to the Azure portal.
- If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant.
- In the left-hand navigation pane, click the Azure Active Directory service, click App registrations, and click New application registration.
- When the Create page appears, enter your application's registration information:
- Name: Enter a meaningful application name example PortalAuth
- Application Type: Select "Web app / API"
- Sign-On URL: Provide the base URL of panel. For example, https://cp.hosting.com
- Click Create
- You are taken to the application's main registration page, which opens up the Settings page for the application.
- Click Properties, a new window will open, at end of window set Multi-Tenanted to Yes, and click Save.
- Click Required Permissions, then click Grant Permissions, and click Yes.
- Click Reply URLs, add all white label urls for resellers and customers under Reply URLs and click Save.
- Click X, on Settings page to close Settings.
- Switch to the Edit manifest page, by clicking Manifest from the application's registration page. A web-based manifest editor opens, allowing you to Edit the manifest within the portal. Locate and set the "oauth2AllowImplicitFlow" value to "true." By default, it is set to "false." Click Save.
- Copy Application Id and specify in Azure Web Application Id.
If Azure authentication is enabled whose login page is appearing, show: “Continue with Azure” will be as shown.
On Login with Azure, perform steps to login using Azure account. Once user is authenticated at Microsoft, find related user in panel and log-in that user. If user not found, it will give error: “Panel account for Microsoft login email@example.com, does not exist, please contact Administrator”.
The Reply URL should be complete as shown in image below:
Add additional login for staff, customer and customer contacts. Additional login will hold multiple 3rd party logins, like Azure username, Google user name, etc. Staff user, customer and customer contact should be able to set additional login under Profile.
After login as customer go to Profile as shown below:
- Login: Provide Login email address.
- Click Add.
On save, make sure the email used is not used already for Staff, Customer, Customer Contact or End Customer.